Description:
A vulnerability was reported in OpenSSL. The impact was not specified. Palo Alto PAN-OS is affected.

A remote server can return a specially crafted NewSessionTicket message to a connected multi-threaded client to cause the client to attempt to reuse a previous ticket and trigger a race condition. As a result, a double free memory error may occur in ssl3_get_new_session_ticket().

Emilia Kasper of the OpenSSL development team reported this vulnerability.